Forum Discussion

IvanWilson's avatar
IvanWilson
Iron Contributor
Jun 28, 2024

Purview Information Protection for internal and external emails

I'm working with an organisation that is starting to use sensitivity labels. They have Office 365 E3 licenses. The current plan is to set up a default label for documents and emails called "Internal Only". This label will encrypt contents and grant co-author permissions to all staff. 

 

The challenge will be when emails include external recipients. Ideally, the user will change from the default label to one that grants access to any recipients. However, I can imagine that there will be many cases where they forget to do this.

 

If we had Office 365 E5 licenses, we would have the option to create a DLP policy to show a policy tip. I I would expect this would reduce the incidents of mislabeling. 

 

I have seen recommendations to avoid encrypting by default and only use it where needed. However this client is keen to use encryption to protect as much content as possible.

 

One suggestion could be to change the default email label to only grant access to the sender and recipients, regardless of whether they are internal or external. 

 

I'm interested in any real-world feedback on how others have tackled this issue.

data loss prevention
email security
microsoft information protection

3 Replies

  • mohan1921's avatar
    mohan1921
    Copper Contributor
    Sep 20, 2024
    It is not recommended to use default label with encryption
    • IvanWilson's avatar
      IvanWilson
      Iron Contributor
      Sep 23, 2024

      mohan1921 Microsoft recently published a guide called "Secure by default with Microsoft Purview". This does recommend using a default sensitivity label for documents that does implement encryption. 

       

      https://learn.microsoft.com/en-us/purview/deploymentmodels/depmod-securebydefault-phase1#start-with-default-labels-and-protection-at-file-and-site-level 

  • leandrogoncalves's avatar
    leandrogoncalves
    Copper Contributor
    Sep 20, 2024
    I understand your struggle...
    We are also trying to adopt sensitivity labels, in order to maximize data protection in the future but also lowering user impact, this forces some automation of purview. For example if all recipients are internal the mail could be automatically labelled as internal, if there is an external recipient the label should be external while showing a warning tooltip.
    Also the Inheritance of label from attachments only works for Old Outlook for Windows....

    https://learn.microsoft.com/en-us/purview/sensitivity-labels-versions#sensitivity-label-capabilities-in-outlook

Resources